VYPR
High severity7.2NVD Advisory· Published Apr 3, 2026· Updated Apr 10, 2026

CVE-2026-35536

CVE-2026-35536

Description

In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.set_cookie were not checked for crafted characters.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
tornadoPyPI
< 6.5.56.5.5

Affected products

5

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.